I keep getting a pop-up in my system tray that says "Your computer is infected! Windows has detected spyware infection!" The red circle with an X sits in my tray. I can no longer run HiJack This, not even in Safe Mode, so I cannot post that log. I have searched various forums to find a KillBox.exe and a ComboFix.exe; neither of which will run.

I have run a registry cleaner, which was able to clean up various .dlls and keys. I have run a scan from TrendMicro's website, which cleaned up a trojan, some adware, and some ActiveX controls. I ran Microsoft's Malware tool, which found nothing.

We can try this older standalone version of Hijackthis, to use to see a log until we can get the new one to run:

this is a standalone .exe> as soon as you get it downloaded, rename hijackthis.exe to tool.exe and try to get the log for us...it will work the same way. Don't open it, make sure you download it onto your desktop and then, double click tool.exe or whatever you rename it to, select Scan and Save a log, and copy and Paste the log into a reply here.

{Edited by Moderator}-Hi stylez79>> I have removed what you posted here.

I'm sorry but our site has a Rule that no one may assist with removing/ cleaning malware unless qualified with TSG forum permission. There are specific removal tools we use for this infection, they are the best way to attack this. I am posting the Rule here, so you have it as a guide-

And, throughout the security sections, there are links to just about every removal tool and protective or cleaning tool known. We have had to put restrictions in place, about malware removal, due to the newer infections that require cleaning with advanced special tools- that's one additional reason. These tools carry some special directions, and we also recommend that they only be used with our help.

Quote:

Originally Posted by TSG

Only members who are deemed qualified to remove malware may post to security related threads. These members can be easily recognized by a gold shield or a blue shield (indicating a trainee) that will appear next to their user name.

A paragraph has also been added to the forum rules that reads as follows:

Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name and authorized malware removal trainees have a blue shield next to their names. Anyone wishing to participate in a training program should contact a Moderator for more information.

I'm sorry but our site has a Rule that no one may assist with removing/ cleaning malware unless qualified with TSG forum permission. There are specific removal tools we use for this infection, they are the best way to attack this. I am posting the Rule here, so you have it as a guide-

And, throughout the security sections, there are links to just about every removal tool and protective or cleaning tool known. We have had to put restrictions in place, about malware removal, due to the newer infections that require cleaning with advanced special tools- that's one additional reason. These tools carry some special directions, and we also recommend that they only be used with our help.

Just wanted to be sure you saw this. To elaborate, while it's fine to have the link to your site in your signature, we like to see that people are here to help others and not solely for the purpose of gaining exposure and more traffic for their own sites.

This could be caused by the messenger service in Windows. If you run Windows Update and get all of the latest security patches, this should stop. It's basically just "Instant Messenger SPAM" that is broadcast out across the net. Good possibility this is the problem.

Hi Compaq__
This infection is well-known, and is the SmitFraud, or Privacy-Danger, fake alert, we have been dealing with this for a very long time...

The poster cannot execute any files.... he may not be able to even post a Hijackthis log, but I am having them try. Most likely, he will not be able to install patches.... I would have them try some of the removal tools for it, but probably they won't run, either...

I would like to see a Hijackthis log, first though....

Also> this site has a Rule about who may post advice when dealing with malware cleaning....this thread obviously is. You may not have seen the Rules section, so here it is:

Quote:

Originally Posted by TSG

Only members who are deemed qualified to remove malware may post to security related threads. These members can be easily recognized by a gold shield or a blue shield (indicating a trainee) that will appear next to their user name.

A paragraph has also been added to the forum rules that reads as follows:

Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name and authorized malware removal trainees have a blue shield next to their names. Anyone wishing to participate in a training program should contact a Moderator for more information.

Saw it. LOL Yes, very familiar with this type of issue. Didn't see him say he can't run executables. From his description sure looks like the old messenger service spam...no tools required to fix that. Just runnin those security patches...
That's my observation...not advice.

About not being able to run executables: Seems it is mostly, antimalware tools that will not run- and actually, we see quite a few of these infections that can disable Hijackthis, plus other security programs.....perhaps not ALL executables, my mistake there... There are some things we can have them try, that will let them post a Hijackthis log, and run tools.

Still, you are not authorized to post removal advice here at TSG- this person has to clear up this infection before being sent off to do a lot of Windows Updates....

See the Quoted information for directions to try and become qualified here at this forum, if you would like to help with malware cleaning.

You will see from the links I posted, that the infection is this type...

Quote:

Originally Posted by llopez704

I keep getting a pop-up in my system tray that says "Your computer is infected! Windows has detected spyware infection!" The red circle with an X sits in my tray. I can no longer run HiJack This, not even in Safe Mode, so I cannot post that log. I have searched various forums to find a KillBox.exe and a ComboFix.exe; neither of which will run.

I have run a registry cleaner, which was able to clean up various .dlls and keys. I have run a scan from TrendMicro's website, which cleaned up a trojan, some adware, and some ActiveX controls. I ran Microsoft's Malware tool, which found nothing.

We can try this older standalone version of Hijackthis, to use to see a log until we can get the new one to run:

this is a standalone .exe> as soon as you get it downloaded, rename hijackthis.exe to tool.exe and try to get the log for us...it will work the same way. Don't open it, make sure you download it onto your desktop and then, double click tool.exe or whatever you rename it to, select Scan and Save a log, and copy and Paste the log into a reply here.

If that does not work for you: First, delete any copies of ComboFix.exe you have now

Quote:

NOTE>>!Very important!! I want you to rename Combofix.exe as you download it to a name of your choice such as ben.exe. It is very important that you save the newly renamed EXE file to your desktop, so it appears right on your screen area.

*****Download link is below, read all of this, before you attempt to download or use ComboFix!!*****

You must rename Combofix.exe as you download it and not after it is on your computer.

You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
Open Firefox
Click Tools -> Options -> Main
Under the downloads section check the button that says "Always ask me where to save files".
Click OK

For Internet Explorer:
Choose to save, not open the file
When prompted - save the file to your desktop, and rename it anything with an .exe extension on the end.

There is a Printable Version button up under the Thread Tools drop down menu that will let you print a nice text version of these instructions.

Alternate way to save directions: Open Notepad> Copy and Paste any text you wish into Notepad, and Save the file as something you will recognize like TSGhelp.txt and save it onto your desktop.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt" in your next reply. And, after you are done posting the log from ComboFix....run Hijackthis again, Scan and Save a Log....post the brand new log

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
